formbook | 2196-13-0x0000000000400000-0x000000000042F000-memory[.]dmp

General

Target

2196-13-0x0000000000400000-0x000000000042F000-memory.dmp
Size

188KB
MD5

1798b3d43a4759f1600761166ffbace1
SHA1

04a6bc264e910b055fbec38142040869a6701168
SHA256

ce97b83a3cd52f6199f5011970980fef73d40abe11428f97f16a6a93abc58893
SHA512

b27e8fc88f8eb3801d23a5712949b9c58ee1b54634cb33031e0970bd6f3ba93791151ecbc40f4c916ea4b70c14ef27a566c509bdbe7875ae2b4918e65370f18f
SSDEEP

3072:JncbkDcxkrWi4c3EyeofZ8CHHKaJOC1/MU78EA9tU2nwhS0B9:zoizExCxKaJOCvRCt1wrB9

Score

10^/10

rat pz12 formbook

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

pz12

Decoy

paucanyes.com

autonwheels.com

cowboysandcaviarbar.com

fitnessengineeredworkouts.com

nuevobajonfavorito.com

dflx8.com

rothability.com

sxybet88.com

onesource.live

brenjitu1904.com

airdrop-zero1labs.com

guangdongqiangzhetc.com

apartments-for-rent-72254.bond

ombak99.lol

qqfoodsolutions.com

kyyzz.com

thepicklematch.com

ainth.com

missorris.com

gabbygomez.com

Signatures

Formbook family
formbook
Formbook payload 1 IoCs
rat

Processes:

resource yara_rule

sample formbook

resource	yara_rule
sample	formbook

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

Processes:

resource
2196-13-0x0000000000400000-0x000000000042F000-memory.dmp

Files

2196-13-0x0000000000400000-0x000000000042F000-memory.dmp
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 180KB - Virtual size: 180KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 180KB - Virtual size: 180KB

.text
Size: 180KB - Virtual size: 180KB